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Appendix 

This listing of claims includes claim amendments as should have been presented 

in the Amendment and Reply filed on October 18, 2010. 



L (Currently Amended) A method comprising: 

receiving, using a processing device, a first request, from a first, sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures computational resources for accessing manipulating electronic 
data; 

detg^ming, using the processing device, wh ether access eandid ate . attributes 
satisfy access requirements of the resources, wherein the access candidat e attributes are 
revisable based, at least in part, on a determination indicating that access to the first level 
isprohibited; 

granting, using the processing device, access to the first security level based on 
■m ' - ^f -fee^pfe^p^ a determination indicat ing that access to the first level is 
not prohibited; 

receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to a second security level in the computer network in 
response to the granting of access to the first security level, wherein the second security 
level secures the electronic data; 

determining, using the processing device, whether attributes of the access 
candidate attributes satisfy access requirements of the electronic data secured by the 
second security level; 

. obtaining authorization for the 
second request fer -auth erization to from a resolution authority if the access candidate 
attributes fail to satisfy the access requirements of the electronic data in response to a 
determination indicating that access to the second security level is prohibited , wh ere in 

and 

in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level. 
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2. (Currently Amended) The method of Claim 1, further comprising granting 
access to the second security level in response to determining that the a ttribu tes of the 
access candidate attributes satisfy the access requirements of the electronic data. 

3. (Currently Amended) The method of Claim 1, further comprising denying access 

to the second security level if re que st the 

authorization for the second request cannot be obtained. 

4. (Currently Amended) The method of Claim 1, wherein at least one of the access 
requirements of the resources and th e access requirements of the electronic data are 
represented as part of a graphical display associated with the access candidate and 
accessed for display to a controller via a network. 

5. (Currently Amended) The method of Claim 1, wherein at least one of the access 
requirements of the resource and the access requirem ents of the electronic data comprise 
a citizenship status of the access candidate or a current location of the access candidate. 

6. (Currently Amended) The method of Claim 5, wherein the attribute^--ef -the 
access candidate attributes comprise a citizenship status of the access candidate or a 
current location of the access candidate. 

7. (Currently Amended) A method comprising: 

receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for physical access to a computer network: 

determining, using the processing device, whether access candidate attributes 
satisfy access requirements of physical access, wherein the access candidate attributes 
are revisable based, at l east in part, on a determ that physical access is 

prohibited; 
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granting, using the processing device, the physical access to the computer 



physical access is not prohibited: 

receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to electronic data in the computer network in response 
to the granting of physical access to the computer network; 

determining, using the processing device, whether attri butes of the access 
candidate attributes satisfy access requirements of the electronic data; 

s ^ M ^ obtaining authorization for the 
second request for authorization to from a resolution authority if the access candidate 
attributes fail to satisfy access requirements of the electronic data in response to a 
determination indicating that access to the electronic data is prohibited? -w herein the 



in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the electronic data 



third request. 

8. (Currently Amended) The method of Claim 7, further comprising [[ :]] 

granting access to the electronic data if the in response to a comparison of the 
access candid ate attributes with the access requirements of the electro nic d^a indicMini 
indicates that access to the electronic data is not prohibited, 

9. (Currently Amended) The method of Claim 7, further comprising denying access 
to the electronic data if fs#^#^ the authorization 
for the second request cannot be obtained. 

10. (Currently Amended) The method of Claim 7, wherein the attribute s-ef -the 



network based on 







access candidate attributes are represented as part of a graphical display 



associated with the access candidate and accessed for display via a .network. 
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1 1 . (Currently Amended) The method of Claim 7, wherein at least one of the access 
requirements of the electronic data and the access requirements of physical access 
comprise a valid data access agreement with the access candidate; a current location of 
the access candidate; or a citizenship status of the access candidate. 

12. (Currently Amended) The method of Claim II, wherein the attributes of the 
access candidate attributes comprise an existence of a data access agreement; a current 
location of the access candidate; or a citizenship status of the access candidate. 

13. (Currently Amended) The method as in Claim 7, wherein at least one of the 
access requirements of the electronic data and access requirements of physical access 
comprise a current location of the access candidate or a citizenship status of the access 
candidate. 

14. (Previously Presented) The method of Claim 7, wherein at least one of the 
request for physical access or the request for access to the electronic data is submitted by 
more than one sponsor of the access candidate. 

15. (Currently Amended) A method comprising: 

identifying, using a processing device, a plurality of data subsets of electronic 
data, wherein respective data subsets correspond to respective sets of access 
requirements; 

determining, using the processing device, at least one data class associated with 
the respective data subsets, the at least one data class identifying at least a citizenship 
requirement and a location requirement for access to data associated with the at least one 
data class; 

receiving, using the processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures physical access to a computer workstation for accessing 
manipulating the electronic data, the first request including access attributes of the access 
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candidate corn prising an indication of a citizenship status of the access candidate, an 
indication of a current location of the access candidate, and an indication of an existence 
of a data access agreement with the access candidate: 

determining, using the processing device, whether the access candidate attributes 
•Mtjsf^.g&ggg^. . r^uiremen ts fi£ the first security level , wherein the access c andi date 
attributes are re visahle based, at least in part on a deter mination i ndicating that access to 

granting, using the processing device, access to the first security level based on 
^-^sfc&tl^^ a determination indicating that access to the first 

security level is not prohibited; 




receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to a second security level in the computer network in 
response to the granting of access to the first security level, wherein the second security 
le vel secures access to at least one of the plurality of data subsets; 

determining, using the processing device, whether the attributes of the access 
candidate attributes satisfy the respective set of access requirements corresponding to the 
at least one of the plurality of data subsets; 

: s&feml^ obtaining authorization for the 

second request fe^aut-herixatieB----te from a resolution authority [[J] if the access 
candidate attributes fail to satisfy; the 

to the at least one of the plurality of data subsets in response to a determination 
indicating that access to the at least one of the plurality of data subsets is prohibited? 



in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level 
the third request . 

16. (Currently Amended) A system comprising: 

storage means for receiving and storing electronic data using a computer 
network; 





&i*thvH4W and 
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means for evaluating a first request for access to one or more resources in the 
computer network, wherein the resources secure the electronic data, [[and]] wherein an 
evaluation of the first request includes a first comparison of one or more attributes of the 
access candidate with one or more access requirements associated with the eteetre-nie 
data resources, and wherein the one or more attributes of the access candidate are 
revisahle if the first com parison indicates that access is prohibited; 

means for granting access to the one or more resources if the first comparison 
indicates that access is not prohibited; 

means for evaluating a second request for access to the electronic data by the one 
or more resources, wherein an evaluation of the second request includes a second 
comparison of the one or more attrib utes of the access candidate with one or more access 
requirements associated with the electronic data; 

means for -subrnMe g-a-tfaifd obtaining jmtbo request fer 




the access candidate fails to satisfy one o r more access requirements associated with the 
electronic data in response to the evaluation of the second request indicating that access 
to the electronic data is prohibited; and 

means for granting, in response, to. obtaining the authorization from, the resolution 
authority, the access candidate access to the electronic data using the one or more 
resources feft&g&H^ 

17. (Currently Amended) The system of Claim 16, further comprising means for 
granting access to the electronic data using the one or more resources configured to 
access and manipulate the electronic data if the second comparison indicates that access 
to the electronic data is not prohibited, 

18. (Currently Amended) The system of Claim 16, wherein the access candidate is 
denied access to the electronic data if the 
authorization for the second request cannot be obtained. 






Atty. Dkt No, 22223810000 



-29- 

Reply to Office Action of January 7, 201 1 



BELANGER et al 
Appl. No. 10/659,368 



19. (Currently Amended) The system of Claim 16, wherein the one or more 
attributes of the access candidate attributes are represented as part of a graphical display 
associated with the access candidate and accessed for display via a network. 

20. (Currently Amended) The system of Claim 16, wherein at least one of the one or 
more access requirements associat ed w ith the reco urses and the one or more access 
requirements associated with the electronic data relates to at least one of: a valid data 
access agreement with a potential access candidate; a current location of the potential 
access candidate; or a citizenship status of the potential access, candidate. 

21. (Currently Amended) The system of Claim 20, wherein the one or more 
attributes of the access candidate attributes relate to at least one of: an indication an 
existence of a data access agreement with the access candidate; a current location of the 
access candidate; or a citizenship status of the access candidate. 

22. (Previously Presented) The system of Claim 16, wherein the one or more access 
requirements associated with the electronic data includes at least one of a current 
location of the access candidate or a citizenship status of the access candidate. 

23. (Previously Presented) A system comprising: 

storage configured to receive and store electronic data using a computer network; 

one or more resources configured to process and manipulate the electronic data 
using a computer network; 

a resource access controller configured to grant access to one or more resources, 
in response to a request for access to the one or more resources, based at least in part on a 
comparison of a citizenship status and a current location of an access candidate and an 
existence of a data access agreement with a citizenship requirement, wherein the location 
requirement and the data access agreement requirement are associated with the one or 
more resources; 

one or more data access controllers configured to grant access to a corresponding 
portion of the electronic data based at least in part on a comparison of the citizenship 
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status and the current location of the access candidate with the citizenship requirement 
and the location requirement associated with the one or more data classes of the 
corresponding porti on of the electronic data; 

one or more resolution authorities configured to; 

modify access requirements associated with the one or more data classes, 

and 

authorize access to one or more portions of the electronic data in response 
to a comparison performed by a corresponding data access controller indicating that 
access is prohibited: and 

a data access module configured to ■ 

evaluate a request for access to one or more portions of the electronic data 
using the one or more resources, 

identify one or more data access controllers corresponding to the one or 
more portions of the electronic data, and 

forward the request for access to the one or more identified data access 
controllers for evaluation regarding whether to grant access to the corresponding one or 
more portions of the electronic data, 

24. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data, a request for access to the secured electronic data in the computer 
network; 

comparing, using the controller, one or more attributes of an access candidate 
with one or more access requirements associated with the secured electronic data; 

a utho rization for the request from a resolution authority if one or more attributes of the 
access candidate fails to satisfy one or more access requirements associated with the 
secured electronic data 
requirements ; 
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in resp onse to obtaining or not obtaining authorization from the resolution 
authority^ granting or denying in whole or in part, using the controller, access to the 
secured electronic data based, at least in part, on a determination by the resolution 

based on access candidate information 

and request related information. 

wherein the o ne or more attrib utes of the a ccess ca ndidate are revisable based, at 
feastji^ denying access to the secured ele ctronic dat a. 

25! (Previously Presented) The method of Claim 24 5 further comprising granting 

access to the secured electronic data in response to a comparison indicating that access 
by the access candidate is- not prohibited. 

26. (Previously Presented) The method of Claim 24, wherein die one or more access 
requirements associated with the secured electronic data are represented as part of a 
graphical display associated with the access candidate and accessed for display to the 
controller via a network, 

27. (Previously Presented) The method of Claim 24, wherein the one or more access 
requirements associated with the secured electronic data are related to at least one of a 
citizenship status or a current location of the access candidate, 

28. (Previously Presented) The method Claim 27, wherein the one or more attributes 
of the access candidate includes at. least, one of a citizenship status or a current location of 
the access candidate, 

29. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data in the computer network, a request for access to the secured electronic 
data in the computer network; 
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comparing, using the controller, one or more attributes of an access candidate 
with one or more access requirements associated with the secured electronic data; 

granting, using the controller, access to the secured electronic data in response to 
a comparison indicating that access by the access candidate is not prohibited; 




access by the acc^s CMdi^ r 
^feiN^a?^^ and 

ilLJ&?|^ 6E no * obtaining authorization . from :;; the resolution 

authority, granting or denying in whole or in part, using the controller, access to the 

secured electronic data based, at least in part, on a determinatio n by the resolution 

Ite-^ based on access candidate information 

and request related information. 

wherein the one or more attributes of the access candidate are revisahle based, at 
least in part, on a determination denying access to the secured electronic data. 




30. (Currently Amended) An article of manufacture including a non-transitory 
computer-readable medium having instructions stored thereon, execution of which 
causes a processing device to perform operations comprising: 

receiving, using a processing device, a request for access to a first security level 
in a computer network; 

comparing, using the processing device, ^e or^ 
candidate with one or more acce ss recjuirements associated wi th the first security level, 
wherein the one pr more attributes of the acccs s candid ate are revi s abl e b ased^at kasUn 
part, on a determination indicating that access by the access candidate to the firs t security 
level is prohibited; 

granting, using the processing device, access to the first security level based on a 
comparison 
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. indicating, that, access by the access candidate to the first 
security level is not pro hibited; 

receiving, using the processing device, a request for access to a second security 
level in the computer network; 

^fefei^B^^^ g i ■ ■ • • ^ #frgHS®£ obtaining aut horization for the 

request from a resolution authority in response to a comparison indicating that access by 
the access candidate is prohibited— fe$g<^^ 

3L (Previously Presented) The article of manufacture of Claim 30, farther 
comprising granting access to the second security level in response to a comparison of 
the one or more attributes of the access candidate with the one or more access 
requirements associated with the second security level indicating that access to the 
second security level by the access candidate is not prohibited. 

32. (Currently Amended) The article of manufacture of Claim 30, further comprising 
denying access to the second security level if tfe®-^ 

auth oriz a tio n the authorization for the request cannot be obtained, 

33. (Previously Presented) The article of manufacture of Claim 30 ? wherein the one 
or more attributes of the access candidate is represented as part of a graphical display 
associated with the access candidate and accessed for display via a network, 

34. (Previously Presented) The article of manufacture of Claim 30 3 wherein the one 
or more access requirements associated with the first security level relates to at least one 
of: a valid data access agreement with the access candidate; a current location of the 
access candidate; or a citizenship status of the access candidate. 



35, (Previously Presented) The article of manufacture of Claim 34, wherein the one 
or more attributes of the access candidate relates to at least one of: an indication of 
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whether the access candidate has a data access agreement; a current location of the 
access candidate; or a citizenship status of the access candidate. 

36. (Previously Presented) The article of manufacture of Claim 30, wherein the one 
or more access requirements associated with the second security level relates to at least 
one of a current location of the access candidate or a citizenship status of the access 
candidate. 

37. (Previously Presented) The article of manufacture of Claim 30, wherein at least 
one of the request for access to the first security level or the request for access to the 
second security level is submitted by one or more sponsors. 

38. (Previously Presented) The method as in claim 1, further comprising granting a 
waiver of the access requirements. 

39. (Cancelled) 

40. (Cancelled) 

41. (Currently Amended) The method of claim 1, further comprising receiving 
supplemental evidence verifying the the attri butes of t h e access candidate attributes. 

42. (Previously Presented) The system of claim 15, wherein the data subsets are 
separated into the at least one data class based on a data provider of the data. 

43. (Previously Presented) The method of claim 15, wherein the physical access 
comprises physical access to a facility housing the computer workstation. 

44. (Previously Presented) The method of claim 15, wherein the physical access 
comprises logging on to the computer workstation. 
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